GCP MemoryStore unaccessible from Compute Engine on same region - go

I followed the two following tutorials:
https://cloud.google.com/go/docs/tutorials/bookshelf-on-compute-engine
https://cloud.google.com/memorystore/docs/redis/creating-managing-instances?authuser=1
The only thing I did differently is that I deployed the code of Redis from the second tutorial, not from the first link.
As mentioned under "Connecting to a Redis instance": You can connect to the Redis instance from any Compute Engine VM instance located within the same project, region and network as the Redis instance.
my-service: 10.162.0.17 (nic0)
redis: 10.169.12.195:6379
Same project, same region, same zone (a)
However, when I do:
user@my-service:~$ telnet 10.0.0.27 6379
Trying 10.0.0.27...
Nothing happens..

The documentation specifies the command telnet 10.0.0.27 6379. This is an example that you need to modify for your environment.
Change the command to:
telnet 10.169.12.195 6379

Related

Make k8s cluster services available to local docker containers

I'm used to connecting to my cluster using telepresence and accessing cluster services locally.
Now, I need to make services in the cluster available to a group of applications that are running in docker containers locally. We can say that it's the inverse use case.
I have an app that is running in a docker container. It accesses services that are deployed using docker-compose. This has been done by using a network:
docker network create myNetwork
# Make app 1 use it
docker network connect myNetwork app1
# App 2 uses docker compose, so myNetwork is defined in it and here I just:
docker-compose up
My app1 correctly accesses the containers/services running in app2. However, I still need it to access a service from my cluster!
I've tried making a tunnel from my host to the cluster with telepresence and then accessing the service as if it were on my host. However, it seems not to work. If I go into my app1 container and do a curl to see if the service name resolves:
curl: (6) Could not resolve host: my_cluster_service_name
Is my approach wrong? Am I missing an operation or consideration? How could I accomplish it?
Docker version: Docker version 19.03.8 for Mac
I've found a way to solve the problem.
Instead of trying to use telepresence as for the inverse use case, the solution comes by using a port-forward with k9s. When creating it, it's important not to leave the default interface, which is set to localhost, and to put 0.0.0.0 instead to ensure that it listens for traffic from all interfaces.
Then I changed my containers from inside, making the services point to my host's IP when trying to resolve the service names. Use the method that best fits your case for this: since it's not a production environment I just tried hardcoding my host IP manually to check if the connectivity was achieved.
To point to a specific service of your cluster you need to use different ports, since they will all be mapped to your host with different port-forwards. Name resolving is no longer needed.
With this configuration, your container request will reach your host, where the port-forward routes it to the cluster. Connectivity is OK with this setup and the problem is solved.

What will be host value to connect for a Docker application with Docker database?

I have a Docker MySQL database which has been set up with port mapping 3308:3306, which means internal Docker port 3306 is exposed on localhost port 3308, and I am able to connect to this DB from my local machine and application simply by using port 3308.
But if I run an application in Docker itself, what should the values of the hostname and port below be to connect to the Docker database?
jdbc:mysql://hostname:port/DBName?useSSL=false
I would recommend this kind of setup to the docker run command
Create a private bridge network.
docker network create --driver bridge private-net
Now start your application and DB containers along with the following flag added.
--network private-net
On user-defined networks, containers can not only communicate by IP address but can also resolve a container name to an IP address. This capability is called automatic service discovery.
Read this for more details on Docker container networking.
Now you can use the following URL to access the database.
jdbc:mysql://<DB_Container_name>:port/DBName?useSSL=false
This approach might look complex, but it's the recommended way. With this setup, your DB will be in a private network and cannot be accessed by other containers as well. This adds extra security to your database.

Connecting to Aurora AWS Serverless

I’ve now tried to create a serverless Aurora (MySQL compatible) database and connect to it for two days, and I just can’t seem to get it to work. Supposedly I should have been able to get it up and running in five minutes.
In any case, I created an Aurora Serverless database in the US East (N. Virginia) region (us-east-1), and have been able to connect to it with the AWS Query Editor. I also have an EC2 server in the same region, and have given the Aurora database the same security group (under RDS > Security Group), and in the security group I have opened for MYSQL/Aurora (TCP, 3306) from all sources. When I click the modify button on the database, there is also another (VPC) Security Group listed (rds-launch-wizard-4), which was created automatically. This one I also located under my EC2 dashboard and gave access to all ports from all sources (inbound), and to all ports (outbound). And there is a networking VPC & subnet group, which I don’t know what to do with, if anything.
I try to connect to the database, using this command line command:
mysql -h hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com -P 3306 -u root -p
It generates an error “ERROR 2003 (HY000): Can't connect to MySQL server on” on both my EC2 instance, my local computer and on other online servers.
From the EC2 instance, try doing a telnet on the DB port to test if all your security group settings are applied correctly.
telnet hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com 3306
If the connection does go through, then the issue is with your client code. Cross check that you have wired the right endpoint in your code.
If the telnet connection does not go through (I'm guessing that it would not), then it is guaranteed that your security group settings are not set correctly. In order to debug this further, we would need more details on:
The list of VPC security groups associated with your cluster.
The details of each of these VPC security groups (You've mentioned that you've opened up everything, but I'd like to see the exact rules in place)
As for laptop and other servers - If they are outside the VPC, then it would not work. Aurora Serverless is accessible only from within the VPC as of now.
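The telnet test used in the answers above has more than two outcomes, and each one points at a different layer. The following Python sketch is an added example, not code from any of the posts; the names probe, diagnose and HINTS are hypothetical, and the demo targets a constructed loopback listener so it runs offline.

```python
import errno
import socket

# Readings for each outcome, matching the symptoms described in the threads above.
HINTS = {
    "open": "network path is fine; check the endpoint and credentials in the client",
    "refused": "host answered but nothing listens on that port or interface",
    "timeout": "no answer: wrong address, or a firewall / security group / VPC boundary",
    "dns_failure": "name does not resolve from where the client runs",
    "unreachable": "no route from this host to that network",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection (first resolved address) and classify the result."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)  # telnet would sit at "Trying ..." instead
        try:
            sock.connect(addr)
        except (socket.timeout, TimeoutError):
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError as exc:
            if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
                return "unreachable"
            raise
    return "open"

def diagnose(host, port, timeout=3.0):
    """Return (outcome, hint) for one endpoint."""
    outcome = probe(host, port, timeout)
    return outcome, HINTS[outcome]

if __name__ == "__main__":
    # Constructed demo against loopback so the script runs offline.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(diagnose("127.0.0.1", port))   # listener present
    listener.close()
    print(diagnose("127.0.0.1", port))   # listener gone
```

Run it from the same place the failing client runs (the VM, the EC2 instance, or inside the container), since the result depends on that network position.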

How to use Rundeck service from local browser using IP address?

I have installed rundeck in docker using ec2 instance.
When I run the image and start rundeck. It's fine.
lynx http://localhost:4440
Is able to show the Rundeck dashboard.
But, how can I access this rundeck from Windows browser?
I tried using address but connection refused.
In order to access this from outside for your setup, you might have to ensure the following things:
Ensure that host server (ec2) is forwarding ports to the docker container. You should have used -p or -ports when launching the container for this.
Test: From your EC2 instance, you should be able to access: http://localhost:4440
Ensure you have a public IP assigned to your EC2. You should be able to see that from your aws ec2 console: http://console.aws.amazon.com/ec2
Ensure that your security group(s) for that instance has InBound connections to accept 4440 from your IP or rest of the world.
After this, your http://:4440 should work.
I hope I got your question correct.
Let me know how it goes,
Thanks,
Anoop

MemSQL - unable to connect remotely to EC2 cluster using MySQL client

I have used http://cloud.memsql.com to successfully deploy a MemSQL cluster to EC2 as documented here: http://docs.memsql.com/4.0/setup/setup_cloud/.
I can SSH to the master aggregator, and successfully login to the MemSQL prompt locally. However, I cannot connect remotely using a MySQL client application.
I have double-checked port 3306 is open and just for testing have applied all privileges to root:
GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
The documentation states:
Once your cluster is up and running, connect to the master aggregator using any valid MySQL client driver.
Can anyone advise on a step I have missed?
--
UPDATE 1 - The source range is open for the MemSQL port:
3306 tcp 0.0.0.0/0
UPDATE 2 - ufw has been disabled for testing.
Currently, clusters spun up by cloud.memsql.com lock down their security group to the vpc for the MemSQL ports (like 3306). If you want to access it from outside of the vpc, you will need to add a new rule to the group. Something like this would open the group completely:
Add an Ingress rule for port 3306-3306 for CIDR: 0.0.0.0/0
Note that this will open the cluster to the world, and anyone will be able to connect. Instead of 0.0.0.0/0, I recommend using your public ip and a /32 like so: YOUR_IP/32
It turned out to be a DNS issue by the provider I was using. Tried connecting using a cell phone and had no issues.
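The answer above recommends YOUR_IP/32 over 0.0.0.0/0 for the port 3306 ingress rule. As an added example (not from the posts), this Python sketch finds world-open rules on the ports discussed on this page and builds the single-host CIDR to replace them. It assumes input shaped like the JSON printed by aws ec2 describe-security-groups; the function names, group ids and addresses are constructed placeholders.

```python
import ipaddress

# Ports from the threads above: MySQL/Aurora/MemSQL, Rundeck, Redis.
WATCHED_PORTS = (3306, 4440, 6379)
WORLD = {"0.0.0.0/0", "::/0"}

def world_open(doc, ports=WATCHED_PORTS):
    """Return (group id, port, cidr) for each watched TCP port open to everyone."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue  # udp/icmp rules cannot expose a TCP listener
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if proto == "-1":
                lo, hi = 0, 65535  # "all traffic" rules carry no port range
            for cidr in sorted(WORLD.intersection(cidrs)):
                findings += [(group["GroupId"], p, cidr) for p in ports if lo <= p <= hi]
    return findings

def single_host_cidr(ip):
    """Turn one address into the narrowest rule: /32 for IPv4, /128 for IPv6."""
    addr = ipaddress.ip_address(ip)
    return f"{addr}/{addr.max_prefixlen}"

# Constructed sample; group ids and addresses are placeholders.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-scoped", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}]},
]}

if __name__ == "__main__":
    for group_id, port, cidr in world_open(SAMPLE):
        print(f"{group_id}: tcp/{port} open to {cidr}")
    print("replace with", single_host_cidr("203.0.113.7"))
```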
